- Marks & Spencer underwent a cyber-incident in April 2025
- The reports said that the attack was the work of SCORTEDSPIDER
- Tata Consultancy SERVICES INVESTIVE if the attack came from its network
Tata Consultancy Services (TCS), an Indian IT company and part of the massive Tata group conglomerate, is currently examining whether the recent cyber attack on Marks & Spencer (M&S) comes from its infrastructure.
At the end of April 2025, M&S confirmed that it had suffered from a “cyber-incident” which affected its stores and led to the modifications to store operations.
Subsequent reports have indicated that the company should take some of its offline systems and processes, and was forced to deactivate without contact and click and collect services in stores, because the incident was, in fact, a ransomware attack. Online orders have also been interrupted. The disturbance persisted for weeks, the market capitalization of M&S fell by 1 billion pounds sterling and customer data would have been stolen by the actors.
TATA Target
It had been reported that the group known as Spander Spider was behind the test
NOW, BBC News TCS reports, which have been maintaining M&S for more than a decade, examines whether it was the springboard to the attack. The two parties are currently silent, but the investigation should end before June 2025.
TCS is part of the large Indian Conglomerate group Tata, which has more than 100 companies in a wide range of industries. As such, it is a major target for all kinds of cybercriminals, and about two years ago, the hive ransomware hit Tata Power, the largest integrated electricity company in India. At the start of this year, Tata Technologies, a world supplier of engineering services was also attacked.
The attack would be the work of Spander Spider, an organization of ransomware generally targeting British retailers, financial institutions, technological companies and entertainment / game organizations. The group is not as united as organizations such as Lockbit or CL0P.
It is relatively cowardly and operates within a greater hairy hacking community under the name of “com”. Its members engage in all kinds of attacks, social engineering and the exchange of SIM, in ransomware.
Via Bbc
